> Similarly: 3DES isn't stronger than 112 bits. I'm not claiming that
> 3DES is weaker than 112 bits. I claim that some smart people found
> that cracking 3DES requires only on the order of 2^112 operations,

2^112 operations, given 2^56 blocks of memory. Since DES has an 8 byte
block, that's 512 petabytes. That's a lot of memory, at least in my book.

> and that keying 3DES with 112bits of significant key was possible, and
> that therefore it is useless to use 3DES with more than 112 bits of
> key.
>
> Why is DES keyed with 56 bits, and not 64? Nobody seemed to know until
> a few years ago someone showed that keyed with 56 or 64 bits,
> cryptanalysis of DES requires 2^56 operations. The same should be done
> with 3DES: If cryptanalysis can be done in 2^112 operations, it should
> be keyed with 112 bits, and not with an arbitrarily higher number.

3DES keyed with 112 bits of key can be broken with 2^56 operations and
2^56 memory, which is much easier than the 2^112 operations and 2^56
memory that is required to break 3DES with a 168 bit key.

Jack

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]